How passwords are used with the login plugin

The instructions regarding the login plugin instruct the administrator to enter users’ information including passwords.

If there is a private Grav site where users need a password to log in and use the site, how will the users know what their passwords are if the administrator adds the passwords? Users of private sites usually create their own passwords.

Did you try to check what registration options the login plugin provides?

Hey @phil,
I’m afraid you misunderstood how the login plugin works.
When you say:

This is how all websites with decent security would do it. Nobody should ever store a password in plain text anywhere, so it makes sense for the passwords to be encrypted.

From what I understand you want:

  1. a website with (at least) some private pages
  2. users should be able to register an account on the website by themselves
  3. maybe you want various levels/types of access to pages for different users

Well, I have not used the login plugin myself, but from its documentation, I’m pretty sure it has all those features:

1. Have some private pages on your website

Well that’s the whole purpose of the plugin.

2. Users should be able to register an account on the website by themselves

See this section of the documentation.

You’ll probably want to tweak the following settings:

route_register: '/user_register' # Route for the user registration page
user_registration:
  enabled: true 
  fields:
  ...

3. Maybe you want various levels/types of access to pages for different users

Have a look at this section of the documentation.

In user registration you’ll customize this section:

  access:  # Default access to set for users created during registration
    site:
      login: 'true'

And in page headers:

access:
  site.login: true
  admin.login: true

Hope this is of some use to you :slight_smile:

How did you come to such a conclusion? You didn’t even try to answer my latest question :man_shrugging: I’m pretty sure you can make the site private where users require manual approval after registration with just a few checkboxes in the login plugin config.

@karmalakas, I asked four AIs what to do. I reread all of the documentation multiple times, and spent hours and hours trying to figure out how to do what I want to do. And I still have no idea how to use Grav to create a website like other private websites where there may be one public page and the rest of the site is private, and potential users have to sign up, create a password and log in to see the private part of the site. I readily admit I am not the sharpest knife in the drawer, and maybe that’s the reason I can’t figure it out, but I cannot spend forever trying to get this done. I’ve got many other higher priority things to do. I am not a website coding geek.

I would be delighted to find out I am wrong and there really is a way to achieve what I would like to achieve, but I’ve tried my best and spent a lot of time and I cannot figure it out.

Do you even read my posts? You still didn’t answer my question. Also you still keep talking about coding, when I told you it’s just a few checkboxes in the admin

You do you I guess :man_shrugging:

@Karmalakas, Sorry I haven’t responded to all of your posts, but I really didn’t know what to say. As I said earlier, I’ve read all of the documentation regarding registration multiple times, but I do not have enough experience and background in using Grav and the login plugin to know what registration even means or what it does or how to implement it. I tried creating a registration page and tried doing what I thought I was supposed to do by pasting in code (I assumed in the frontmatter, but wasn’t sure) but then I got totally lost.

I hope you are right that there is a way to use Grav with the existing login plugin to create a private website like many other commercial websites, but I honestly do not know how to do it. It’s a shame because I’ve spent a lot of time on the website project I’m working on and have 90% of it done and working despite many obstacles and would like to get the last 10% done, but I’ve hit a roadblock that I don’t know how to get around.

And yes, I tried changing options in the Login plugin configuration area. However, I didn’t understand what I was doing and, again, just got lost.

Which options exactly did you change?

As I recall, I changed the setting where the parent page controls all the subpages.

I’ve tried so many different things that I might have changed some of the other settings also.

The problem is, I don’t know how the registration feature is supposed to work or what it is supposed to do so I have no way of testing it. I think I would have to have some party try it out other than me.

I put “login: true” in the home page frontmatter, and when I did that, all I see is a blank page when I access the site.

I’m happy to give control of the site to anyone too so you can change things, but I don’t know how to do that either.

  1. Install Grav + Admin
  2. Go to login plugin settings
    1. Enable registration
    2. Check Set the user as disabled to Yes if you want to manually approve users
  3. Go to Pages
    1. On each root/parent page Security settings add Page access site.login option
  4. Let users register via /user_register URL

There are a few issues that I’ve found though:

  1. There’s no way to enable user via admin - you’ll have to change in the \user\accounts\account_name.yaml file the state option from disabled to enabled
  2. It seems permission inheritance doesn’t work, or I don’t know how to set it up - any sub-page can be accessed without logging in :confused: @pamtbaau, maybe you know something about this? I couldn’t make it work. To me it seems like it might be a serious bug

Thanks to this post, I figured you need to Enable the Use parent access rules in the login config and all sub-pages inherit permissions

So as I mentioned from the beginning - just a few checkboxes in the admin area login config
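The sub-page exposure described above can be checked offline before a site goes live. The following is an added example, not part of the thread and not the login plugin's code: a simplified model that assumes, as the posts describe, that with "Use parent access rules" enabled a page without its own `access` block takes the rules of its nearest ancestor that has one. The page tree and the function names are constructed for illustration.

```python
import re

# Constructed sample site: route -> raw page file (front matter + body).
PAGES = {
    "/home": "---\ntitle: Home\n---\nPublic landing page.",
    "/members": "---\ntitle: Members\naccess:\n  site.login: true\n---\nPrivate.",
    "/members/handbook": "---\ntitle: Handbook\n---\nNo access block.",
    "/members/handbook/ch1": "---\ntitle: Chapter 1\n---\nNo access block.",
}

FRONT_MATTER = re.compile(r"\A---\n(.*?)\n---\n", re.S)


def own_access(raw):
    """Parse the page's own access rules (dotted form only, e.g. site.login: true)."""
    match = FRONT_MATTER.match(raw)
    if not match:
        return {}
    rules, in_access = {}, False
    for line in match.group(1).splitlines():
        if line.startswith("access:"):
            in_access = True
        elif in_access and line.startswith((" ", "\t")) and ":" in line:
            key, value = line.strip().split(":", 1)
            rules[key.strip()] = value.strip().strip("'\"").lower() == "true"
        else:
            in_access = False  # a new top-level key ends the access block
    return rules


def effective_access(route, pages, parent_acl):
    """Rules that apply to a route; climbs to ancestors only when parent_acl is on."""
    rules = own_access(pages[route])
    while parent_acl and not rules and "/" in route.strip("/"):
        route = route.rsplit("/", 1)[0]
        if route in pages:
            rules = own_access(pages[route])
    return rules


def anonymous_reachable(pages, parent_acl):
    """Routes with no effective access requirement, i.e. served without login."""
    return sorted(r for r in pages
                  if not any(effective_access(r, pages, parent_acl).values()))


if __name__ == "__main__":
    for setting in (False, True):
        print("parent access rules =", setting, "->",
              anonymous_reachable(PAGES, setting))
```

Any route listed other than the intended public pages needs either its own `access` block or the parent access option enabled.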

@Karmalakas, so, you first created a page on your site named user-register, is that correct? What needs to be in the frontmatter and content of the user-register page? Then, once you did the above steps, how does the site interact with potential users? Can you send an email, not from the site, but from some other email provider to potential users giving them your-site\user-register URL and then they can register to use your site? Do the potential users see any of the content before they register? Is that an option? If you don’t want them to see any of the content, what do you have to do to prevent them seeing the content, and then what do they see? Are the potential users creating an account for themselves when they register, and do they need admin approval before that happens or is account creation automatic? If they succeed in creating an account for themselves, are they then immediately logged in? Are they sent an email from the site telling them if they are approved to create an account? What if they already have an account? What happens then?

  • you first created a page on your site named user-register, is that correct?
  • no, it’s part of the login plugin; check the settings

  • What needs to be in the frontmatter and content of the user-register page?
  • nothing

  • Can you send an email, not from the site, but from some other email provider to potential users giving them your-site\user-register URL and then they can register to use your site?
  • you can send an email from wherever you want and yes

  • Do the potential users see any of the content before they register? Is that an option?
  • No. Yes

  • If you don’t want them to see any of the content, what do you have to do to prevent them seeing the content, and then what do they see?
  • They see login form

  • Are the potential users creating an account for themselves when they register, and do they need admin approval before that happens or is account creation automatic?
  • Yes, yes and no.

  • If they succeed in creating an account for themselves, are they then immediately logged in?
  • No

  • Are they sent an email from the site telling them if they are approved to create an account?
  • no

  • What if they already have an account? What happens then?
  • Should see an error

Every answer is based on my config example and everything can be changed to match your needs. Lots of the answers you could get just by trying to set up the site.

@Karmalakas, Hope it’s OK for me to write a little explanation of my experience. I decided I have so many questions and there is so much I do not know about Grav, that I couldn’t post all of my questions on this chat forum so I decided to try to use AI software to answer my questions. For no specific reason, I chose Grok. I probably spent over 100 hours in the last two weeks+ interacting with Grok. Earlier, I had created a lot of content - over 400 pages - which I converted from Google Sites and uploaded to IONOS which all worked fine as long as everything was public using a copy of the learn4 theme. To make a very long story short, I got to the point where Grok was having me make all kinds of changes, and I realized it was telling me things that I knew were wrong, so now I have to go back and undo most of the stuff I did the last couple weeks which is really upsetting. It turns out that I now believe things are much simpler than I thought. I succeeded, with Grok’s help, in making everything extraordinarily complicated and confusing, and it seemed like it would be impossible to ever get what I wanted. Now I have a little more hope, but it’s still complicated because there are so many settings and so many different ways of doing things. I’ll say one more thing. I wish everyone associated with Grav would be more interested in making Grav more understandable and easier to use for the average person.

@Karmalakas @squeak, Previously, in attempt to use the registration feature of the login plugin, I created a registration page not realizing there was a default, built-in registration page called user_register. I went to the sample Grav site that was downloaded when I installed Grav and enabled registration in the login plugin. Then, when I accessed grav/user_register, the registration form was displayed, but also all the sidebar menu items were displayed and the menu items worked so when you clicked on one of them, you are taken to that page. In other words, the site was accessible even before there was a login. Is there any reason why anyone would require users to register unless the site was private?

Did you do step 3 and then enable parent access rules?

When I first tried it, I was redirected to the login form, but when I clicked on the access denied button, it said you are not authorized to view this page. I assume there is a way to do it, but what I was wondering was if there ever would be an occasion where one would need to require users to be registered if the site was public.

Sorry, but I’m totally lost..

What access denied button? I didn’t see one in the login form.

There is a way to do what?


This is off-topic I think

Unfortunately, I think I am not going to be able to understand Grav well enough to be able to finish the project I really wanted to complete. I don’t want to bother anyone on this forum. I think the only way I would ever be able to complete the project I wanted to complete is to get help from someone who really knows what they are doing. There are too many things I do not understand about Grav for me to solve the remaining issues I have on my own.

Hey @phil,

Unfortunately, often, to learn one needs to suffer. There’s one thing I hope you learned from this, which from the way you describe seemed painful, is that AI chatbots are not what they claim to be. Another thing I think would be worth learning is that before using something one should learn a bit what that thing is, who made it and for what purpose; it’s wiser in order not to get into trouble. An AI chatbot will just tell you what you want to hear and repeat what most people would tell you (or better, what people said most in its training data). Without enough training data on an issue a chatbot will just invent whatever random series of words seems like it could fit your question. So I’m not surprised it led you into infinite complications.

About grav, I think pretty much each and every question that you’ve asked and that Karmalakas answered very patiently is actually also answered just by reading one single page: the login plugin documentation.

For your last questions on pages you want private not being private, my intuition is that you didn’t read the docs, especially the part about how to make a page private.
And to me it makes sense that a website has both public and private pages, and only the site admin / authorized users can know which page should be public and which not, so by default I don’t see why pages should magically become private when you install the plugin.

That said, personally, without actually seeing your configuration I’m not able to provide any more help because I don’t have enough theoretic knowledge of the plugin; it’s actually reading the doc and trying to apply what it says that I think, fiddling with the config, one can fully figure out how to use it according to one’s needs.

But I’ll stop commenting because I think I’m not really bringing valuable info to this forum, and I’d prefer to contribute with real knowledge or experience I have.

Wish you the best of luck for what you’re trying to achieve!